#!/bin/bash

#set ntp
yum -y install ntp
echo "01 01 * * * /usr/sbin/ntpdate ntp.api.bz  >>/dev/null 2>&1" >>/etc/crontab

#set the file limit
ulimit -SHn 65535
echo "ulimit -SHn 65535" >> /etc/rc.local
cat >> /etc/security/limits.conf << EOF
*               soft          nofile            60000
*               hard         nofile            65535
EOF

#tune kernel parametres
cat >> /etc/sysctl.conf <<EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
/sbin/sysctl -p

#set ctrl-alt-delete to guard against the misuse
sed -i 's@ca::ctrlaltdel:/sbin/shutdown -t3 -r now@#ca::ctrlaltdel:/sbin/shutdown -t3 -r now' /etc/inittab

#disabled selinux
sed -i 's@SELINUX=enforcing@SELINUX=disabled@' /etc/selinux/config

#ssh setting
sed -i  -e '74 s/^/#/' -i -e '76 s/^/#/'  -i -e '120 s/^/#/ ' /etc/ssh/sshd_config
sed -i 's@#UseDNS yes@UseDNS no@' /etc/ssh/sshd_config
sed -i 's@#PermitRootLogin yes@PermitRootLogin no@' /etc/ssh/sshd_config
sed -i 's@#ClientAliveInterval 0@ClientAliveInterval 6@' /etc/ssh/sshd_config
service sshd restart

#disabled ipv6
echo "alias net-pf-10 off" /etc/modprobe.conf
echo "options ipv6 disable=1" /etc/modprobe.conf
echo "install ipv6 /sbin/modprobe -n -i ipv6" /etc/modprobe.conf
echo "IPV6INIT = no " >>/etc/sysconfig/network
sed -i 's@NETWORK_IPV6=yes@NETWORK_IPV6=no@' /etc/sysconfig/network
chkconfig ip6tables off

#vim setting
echo  "syntax on" >>/root/.vimrc
echo "set nohlsearch" >>/root/.vimrc
echo "set autoindent" >>/root/.vimrc

#chkconfig off services
chkconfig bluetooth off
chkconfig sendmail off
chkconfig kudzu off
chkconfig nfslock off
chkconfig portmap off








